Updated: 24.11.2002; 11:44:31 Uhr.
disLEXia
lies, laws, legal research, crime and the internet

Tuesday, December 19, 2000

The risk of a seldom-used URL syntax

Recently, a mailing list I'm on forwarded a report of a "hack" of the CNN.com site. Upon looking closely, I found that the CNN site hadn't been hacked at all -- it was the *minds* of readers of this hoax "report" that were being hacked! Rather cute, actually, but it exposes what is perhaps a larger RISK, so please bear with me while I set up the story...

An MIT student named Eric Varady took a parody news article from The Onion, edited the layout to resemble CNN's format, and copied it to his own site. (Note that multiple threatened legal actions have since forced him to remove the original content, but an explanation page is still there.)

He then passed around a "report of a hack of the CNN site" with a URL [which I *do* hope makes it through the mail-to-HTML scripts at Catless!] of .

If you look very closely, you'll see that the actual host named by this URL is not "www.cnn.com", but "18.69.0.44" (a.k.a. salticus-peckhamae.mit.edu). That is, for IP-based/Internet URL "schemes" such as HTTP or FTP, the general format defined in RFC 1738 is:

<scheme>://[<user>[:<password>]@]<host>[:<port>]/<url-path>

The "user" field is very rarely used, and even then is more often seen with FTP than HTTP. But since it contained an at-sign before the first slash, the hoax URL was really with the (ignored) user field of "www.cnn.com&story=breaking_news". Cute, eh?

More serious scams of this sort are possible, given the number of users who (1) have *no* idea what the formal syntax of a URL is, and (2) routinely access the Web through "portals" which often create complicated indirection URLs to aid with logging or tracking to support advertising revenue, e.g.:

The RISK is that users are being bombarded with these monstrosities so often that they've grown used to it, and that they'll fail to recognize when they're being sent someplace they might not really want to go!! (Perhaps when it's not a joke, such as being sent to a porn site while working at a company with a "no tolerance" policy.) [rpw3@rigden.engr.sgi.com (Rob Warnock) via risks-digest Volume 21, Issue 16]
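A small checker for the syntax point above, added here as an example and not part of Rob Warnock's post or the RISKS digest: it uses Python's urllib.parse to split a URL into the RFC 1738 fields and flags a user field that could be mistaken for the destination host. The sample URLs are constructed; the first is rebuilt from the user field and host the post names, with an assumed path.

```python
"""Decompose URLs per RFC 1738 and flag the user-field trick from the post."""
from urllib.parse import urlsplit

# Constructed sample inputs. The first is rebuilt from the components the post
# names (user field "www.cnn.com&story=breaking_news", host 18.69.0.44); its
# path is assumed, since the post's full URL is not reproduced here.
SAMPLES = [
    "http://www.cnn.com&story=breaking_news@18.69.0.44/",
    "http://www.cnn.com/2000/story.html",
    "http://example.com/redirect?next=news@example.org",  # '@' after first slash
    "ftp://anonymous:guest%40example.com@ftp.example.com/pub/",  # legitimate use
]

def decompose(url):
    """Return the RFC 1738 fields: scheme, user, password, host, port, path."""
    parts = urlsplit(url)
    try:
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        port = None
    return {
        "scheme": parts.scheme.lower(),
        "user": parts.username,  # text before the last '@' of the authority
        "password": parts.password,
        "host": parts.hostname,  # the host that actually receives the request
        "port": port,
        "path": parts.path or "/",
    }

def looks_deceptive(url):
    """True when the user field could be read as the destination host.

    Any userinfo on an HTTP(S) URL is flagged, since the post notes the field is
    almost never used with HTTP; for other schemes, flag a user name containing
    a dot, i.e. one that reads like a host name.
    """
    f = decompose(url)
    if f["user"] is None:
        return False
    if f["scheme"] in ("http", "https"):
        return True
    return "." in f["user"]

if __name__ == "__main__":
    for u in SAMPLES:
        f = decompose(u)
        flag = "DECEPTIVE" if looks_deceptive(u) else "ok"
        print(f"{flag:9} host={f['host']!r:16} user={f['user']!r}  {u}")
```

Note that an '@' after the first slash (third sample) belongs to the path or query, not the authority, which is exactly the boundary the post describes.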

Another DMV Break-in, in Oregon

On the heels of Paul Nowak's RISKS-21.14 report of the Arizona Motor Vehicle counterfeiting rings came this somewhat belated report of a break-in at the Gresham, Oregon DMV office on 12 Dec 2000. The thieves were apparently pretty well prepared, as they took less than two minutes to take computer equipment containing personal information on 3,215 people who had recently obtained licenses, plus blank cards and a machine for making bogus drivers' licenses and ID cards. [Source: Stuart Tomlinson, *The Oregonian*; PGN-ed. Was at http://www.oregonlive.com/news/oregonian/metroeast_week.ssf?/news/oregonian/00/12/metroeast/e6_dmv15.frame] ["Peter G. Neumann" via risks-digest Volume 21, Issue 15]

Maximillian Dornseif, 2002.